33 matches found

ATTACKERKB
added 5 days ago · 6 views

CVE-2018-25409

SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by submitting PHP code through the fupload parameter. Attackers can upload PHP files via the aksipengurus.php endpoint with module=pengurus and act=update parameters, which...

CVSS 8.8 · AI score 6 · EPSS 0.00043
Exploits 0 · References 4 · Affected Software 1
Snyk
added 2026/03/26 12:25 p.m. · 2 views

Arbitrary File Upload

Overview: Affected versions of this package are vulnerable to Arbitrary File Upload when the application accepts or prefers a client-supplied MIME type. An attacker can upload files containing executable PHP code by submitting files with a benign MIME type, potentially leading to code execution if...

CVSS 10 · AI score 6.3 · EPSS 0.00206
Exploits 0 · References 2
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2021-11874

Malware in sbrugna...

CVSS 8.8 · AI score 8.6 · EPSS 0.01715
Exploits 2 · References 3
EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2019-7620

Malware in sbrugna...

CVSS 7.2 · AI score 7 · EPSS 0.00358
Exploits 1 · References 2
EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2019-18296

Malware in sbrugna...

CVSS 9.8 · AI score 9.5 · EPSS 0.00842
Exploits 1 · References 2
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2008-6415

Malware in sbrugna...

CVSS 7.5 · AI score 6.4 · EPSS 0.00356
Exploits 0 · References 6
EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2007-1998

Malware in sbrugna...

CVSS 6.8 · AI score 6.4 · EPSS 0.06244
Exploits 0 · References 4
EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2007-0263

Malware in sbrugna...

CVSS 10 · AI score 6.4 · EPSS 0.11758
Exploits 0 · References 6
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2006-5100

Malware in sbrugna...

CVSS 5.1 · AI score 6.4 · EPSS 0.07151
Exploits 1 · References 6
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2017-3366

Malware in sbrugna...

CVSS 7 · AI score 6.9 · EPSS 0.00305
Exploits 0 · References 2
EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2017-8073

Malware in sbrugna...

CVSS 9.8 · AI score 9.5 · EPSS 0.01016
Exploits 1 · References 2
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2007-6607

Malware in sbrugna...

CVSS 6.8 · AI score 6.3 · EPSS 0.00015
Exploits 1 · References 9
EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2022-2496

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 9.1 · EPSS 0.02833
Exploits 0 · References 2
RedhatCVE
added 2025/05/22 10:23 a.m. · 5 views

CVE-2019-9825

FeiFeiCMS 4.1.190209 allows remote attackers to upload and execute arbitrary PHP code by visiting index.php?s=Admin-Index to modify the set of allowable file extensions, as demonstrated by adding php to the default jpg,gif,png,jpeg setting, and then using the "add article" feature...

CVSS 9.8 · AI score 8 · EPSS 0.00748
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 7:57 a.m. · 9 views

CVE-2018-11736

An issue was discovered in Pluck before 4.7.7-dev2. /data/inc/images.php allows remote attackers to upload and execute arbitrary PHP code by using the image/jpeg content type for a .htaccess file...

CVSS 9.8 · AI score 8 · EPSS 0.08043
Exploits 3 · References 1
VulnCheck KEV
added 2024/06/07 12:0 a.m. · 1 view

VulnCheck KEV: CVE-2024-4620

The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form...

CVSS 9.8 · AI score 5.8 · EPSS 0.72422
Exploits 2 · References 1
WPVulnDB
added 2024/05/17 12:0 a.m. · 14 views

ArForms < 6.6 - Unauthenticated RCE

Description: The plugin allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form. PoC: 1. Create a form with an upload input 2. As an unauthenticated user, upload an image file and intercept the request. 3...

AI score 9.5 · EPSS 0.72422
Exploits 2 · Affected Software 1
Positive Technologies
added 2020/09/09 12:0 a.m. · 5 views

PT-2020-6318 · WordPress · Wp File Manager

Name of the Vulnerable Software and Affected Versions: wp-file-manager plugin versions prior to 6.9
Description: The issue allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This allows attacker...

CVSS 10 · AI score 8.3 · EPSS 0.94411
Exploits 13 · References 23
Packet Storm
added 2018/11/14 12:0 a.m. · 216 views

OCS Inventory NG ocsreports Shell Upload

Request 1 This request creates a temporary file containing PHP code in the /usr/share/ocsinventory-reports/ocsreports/a.php.a/ directory. POST /ocsreports/index.php?function=telepackage HTTP/1.1 Host: 192.168.5.135 User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:61.0 Gecko/20100101...

AI score 8.8 · EPSS 0.0229
Exploits 2
NVD
added 2018/07/19 5:29 a.m. · 10 views

CVE-2018-14399

libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote attackers to upload and execute arbitrary PHP code via a .txt?.php.jpg URI in the SRC attribute of an IMG element within infocontent JSON data to the index.php?m=member&c=index&a=register URI...

CVSS 9.8 · AI score 9.7 · EPSS 0.00724
Exploits 0 · References 1